QUESTION 23You create an Azure Storage account named contosostorage.You plan to create a file share named data.Users need to map a drive to the data file share from home computers that run Windows 10.Which port should be open between the home computers and the data file share?

QUESTION 24You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com.Your company has a public DNS zone for contoso.com.You add contoso.com as a custom domain name to Azure AD. You need to ensure that Azure can verify the domain name.Which type of DNS record should you create?

QUESTION 25Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider.Does this meet the goal?

A. YesB. No

Answer: B

QUESTION 26Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.Solution: You configure a custom policy definition, and then you assign the policy to the subscription.Does this meet the goal?

A. YesB. No

Answer: AExplanation:Resource policy definition used by Azure Policy enables you to establish conventions for resources in your organization by describing when the policy is enforced and what effect to take. By defining conventions, you can control costs and more easily manage your resources. References: https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition

QUESTION 27Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.Another administrator plans to create several network security groups (NSGs) in the subscription.You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.Solution: You create a resource lock, and then you assign the lock to the subscription.Does this meet the goal?

QUESTION 28You have an Azure Active Directory (Azure AD) domain that contains 5,000 user accounts.You create a new user account named AdminUser1.You need to assign the User administrator administrative role to AdminUser1.What should you do from the user account properties?

A. From the Directory role blade, modify the directory role.B. From the Groups blade, invite the user account to a new group.C. From the Licenses blade, assign a new license.

QUESTION 29You have an Active Directory forest named contoso.com. You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method. Staging mode is enabled.You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs.You need to ensure that the synchronization completes successfully.What should you do?

A. From Synchronization Service Manager, run a full import.B. Run Azure AD Connect and set the SSO method to Pass-through Authentication.C. From Azure PowerShell, run Start-AdSyncSyncCycle -PolicyType Initial.D. Run Azure AD Connect and disable staging mode.

QUESTION 30You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts.You purchase 10 Azure AD Premium P2 licenses for the tenant. You need to ensure that 10 users can use all the Azure AD Premium features.What should you do?

A. From the Groups blade of each user, invite the users to a group.B. From the Licenses blade of Azure AD, assign a license.C. From the Directory role blade of each user, modify the directory role.D. From the Azure AD domain, add an enterprise application.

QUESTION 31You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines. You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.What should you create to store the password?

A. Azure Active Directory (AD) Identity Protection and an Azure policyB. a Recovery Services vault and a backup policyC. an Azure Key Vault and an access policyD. an Azure Storage account and an access policy

QUESTION 32Your company registers a domain name of contoso.com.You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.You need to resolve the name resolution issue.Solution: You modify the name server at the domain register.Does this meet the goal?

A. YesB. No

Answer: B

QUESTION 33Your company registers a domain name of contoso.com.You create an Azure DNS named contoso.com and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10.You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address.You need to resolve the name resolution issue.Solution: You add an NS record to the contoso.com zone.Does this meet the goal?